Terraform-provider-azurerm: azurerm_application_gateway ssl certificate recreated every apply regardless of cert file contents.
Terraform Version
Terraform v0.11.0
+ provider.azurerm v0.3.3
Affected Resource(s)
Please list the resources as a list, for example:
- azurerm_application_gateway
Terraform Configuration Files
resource "azurerm_application_gateway" "app-gw" {
[...]
ssl_certificate = {
name = "certificate"
data = "${file("certificate.pfx")}"
password = "${var.certificate_password}"
}
}
Expected Behavior
SSL certificate should not be recreated when there is no changes to the certificate file.
Actual Behavior
terraform plan outputs:
Terraform will perform the following actions:
~ azurerm_application_gateway.app-gw
ssl_certificate.0.data: <sensitive> => <sensitive> (attribute changed)
Plan: 0 to add, 1 to change, 0 to destroy.
even though the certificate file did not change.
Important Factoids
PFX certificate was created from a jks keystore via:
openssl pkcs12 -in certificate.jks -export -out certificate.pfx
Apart from the core issue, the fact the no-op operation takes up to 7 min add-up to the pain...
References
jbgi
All 8 comments
I am also facing the same issue! hope it gets resolved soon.
rahulkp220
on 11 Jan 2018
This might work as a workaround:
lifecycle {
ignore_changes = ["ssl_certificate"]
}
mykola42
on 12 Mar 2018
@mykola42 the workaround does not work as soon as you want to push some other changes:
* azurerm_application_gateway.services-gw: Error Creating/Updating ApplicationGateway "services_gateway" (Resource Group "Application-Gateway"): network.ApplicationGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="ApplicationGatewaySslCertificateInvalidData" Message="Data or Password for certificate /subscriptions/xxxxxxxxxxx/resourceGroups/Application-Gateway/providers/Microsoft.Network/applicationGateways/services_gateway/sslCertificates/xxxxx is invalid." Details=[]
👋
To give an update here: we're still waiting for the Application Gateway API to be fixed before proceeding with any enhancements or bug fixes for this resource; once the API is fixed (I've just requested an update). As such I've de-prioritised this issue for the moment, but we'll circle around and take another look once the API's in a usable state - sorry for the inconvenience here!
Thanks!
tombuildsstuff
on 17 Apr 2018
hi @jbgi @rahulkp220 @mykola42
Given this issue is blocked on an upstream issue in the Azure API rather than keeping multiple issues open and trying to ensure they all remain up to date - I'm going to close this in favour of #1576 which is the Meta-Issue tracking the Bugs and Enhancements for the Application Gateway Resource. Once the bug in the API is fixed we should be able to take a look into this, but we'll keep track of the status of this issue there for the moment.
Thanks!
tombuildsstuff
on 15 Jul 2018
Hoping to re-open now that upstream has been fixed.
hdost
on 1 Oct 2018
This is fixed in #2054
tombuildsstuff
on 9 Nov 2018
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 6 Mar 2019
Related issues
Kanikamiglani31
·
3Comments
voyera
·
3Comments
steffencircle
·
3Comments
sam-cogan
·
3Comments
akamalov
·
3Comments
Most helpful comment
I am also facing the same issue! hope it gets resolved soon.